Banks to bring in two-factor authentication

News

Banks to bring in two-factor authentication

Bill Goodwin
UK banks are planning to introduce two-factor authentication for business customers using online banking services by the end of the year, banking industry trade body Apacs said last week.

The move, which is likely to be followed by the wider roll-out of two-factor authentication for consumers using online banking services, is part of the banks' fight against phishing - criminals using spoof e-mails to obtain people's passwords and account details - which they fear is eroding confidence in online banking.

Apacs is co-ordinating the development of technical standards for two-factor authentication, based on security standards developed by Visa and MasterCard. But it will leave it to each bank to decide how they deploy the technology.

"We are not looking at any requirements of timescales or co-ordinated roll-out," said Tom Salmond, e-commerce consultant at Apacs. "Each bank is looking at applicable time schedules and applicable customer segments.

"Small business customers are likely to be the first. The first deployment is likely by the end of the year."

UK banks are developing technical standards to offer two-factor authentication using a combination of chip and Pin cards and readers to generate one-time passwords.

Other security technologiesare also under consideration, including a challenge response mechanism that would require the bank to e-mail the customer a number to type into a card reader to generate a one-time password.

Another option is a data signing function, which would require the customer to confirm the account number and the amount of money to be transferred when moving money between accounts.

The additional security measures are designed to prevent "man-in-the-middle" attacks, in which a hacker intercepts a one-time password and then uses it to access a customer's online bank account.

"The aim is to define which elements of the MasterCard and Visa authentication standards are most applicable in the UK," said Salmond. "Several different options are being reviewed."

Apacs said it expects to complete the technical specifications for the authentication system by early May. Banks are likely to pilot the technology during the summer.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy